X-Git-Url: http://git.rot13.org/?p=goodfet;a=blobdiff_plain;f=client%2FGoodFETCC.py;h=fcb531123fd2a689738d081f86c06dc15cbfbf46;hp=67c1be9183f48bfcd2811254a31daec901846f3e;hb=e027df82b3f7b6c0ed428a504220e13ae02886e9;hpb=1beb021ea684138082d1eadbfd30e0c404444203 diff --git a/client/GoodFETCC.py b/client/GoodFETCC.py index 67c1be9..fcb5311 100644 --- a/client/GoodFETCC.py +++ b/client/GoodFETCC.py @@ -17,26 +17,24 @@ class GoodFETCC(GoodFET): """A GoodFET variant for use with Chipcon 8051 Zigbee SoC.""" APP=0x30; - - - smartrfpath="/opt/smartrf7"; def loadsymbols(self): try: self.SRF_loadsymbols(); except: if self.verbose>0: print "SmartRF not found at %s." % self.smartrfpath; def SRF_chipdom(self,chip="cc1110", doc="register_definition.xml"): + """Loads the chip XML definitions from SmartRF7.""" fn="%s/config/xml/%s/%s" % (self.smartrfpath,chip,doc); #print "Opening %s" % fn; return xml.dom.minidom.parse(fn) def CMDrs(self,args=[]): """Chip command to grab the radio state.""" - try: - self.SRF_radiostate(); - except: - print "Error printing radio state."; - print "SmartRF not found at %s." % self.smartrfpath; + #try: + self.SRF_radiostate(); + #except: + # print "Error printing radio state."; + # print "SmartRF not found at %s." % self.smartrfpath; def SRF_bitfieldstr(self,bf): name="unused"; start=0; @@ -95,7 +93,6 @@ class GoodFETCC(GoodFET): self.pokebysym("TEST1",0x31); self.pokebysym("TEST0",0x09); - #self.pokebysym("PA_TABLE0" , 0x60); #above mid #self.pokebysym("FSCAL2" , 0x2A); #above mid self.pokebysym("FSCAL2" , 0x0A); #beneath mid 
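Review bot: In `CMDrs` the error handling is switched off by commenting it out, which leaves five lines of dead code in the method and lets any failure in `SRF_radiostate()` reach the user as a raw traceback. If the goal is to see the real error, delete the commented lines outright. If the friendly message should stay, catch only the missing-file case, presumably `except IOError:` since `SRF_chipdom` ends in `xml.dom.minidom.parse(fn)`, rather than the bare `except:` that `loadsymbols` still uses a few lines above.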
@@ -126,21 +123,39 @@ class GoodFETCC(GoodFET): hz=freq*396.728515625; return hz; - def shellcodefile(self,filename,wait=1): + + def RF_getchannel(self): + """Get the frequency in Hz.""" + #FIXME CC1110 specific + freq=0; + try: + freq2=self.peekbysym("FREQ2"); + freq1=self.peekbysym("FREQ1"); + freq0=self.peekbysym("FREQ0"); + freq=(freq2<<16)+(freq1<<8)+freq0; + except: + freq=0; + + return freq; + + + lastshellcode="none"; + def shellcodefile(self,filename,wait=1, alwaysreload=0): """Run a fragment of shellcode by name.""" #FIXME: should identify chip model number, use shellcode for that chip. - file=__file__; - file=file.replace("GoodFETCC.pyc","GoodFETCC.py"); - path=file.replace("client/GoodFETCC.py","shellcode/chipcon/cc1110/"); - #print "File\t%s" % file; - #print "Path\t%s" % path; - filename=path+filename; - #print "Loading shelcode from %s" % filename; - - #Load the shellcode. - h=IntelHex(filename); - for i in h._buf.keys(): - self.CCpokedatabyte(i,h[i]); + + if self.lastshellcode!=filename or alwaysreload>0: + self.lastshellcode=filename; + file=__file__; + file=file.replace("GoodFETCC.pyc","GoodFETCC.py"); + #TODO make this generic + path=file.replace("GoodFETCC.py","shellcode/chipcon/cc1110/"); + filename=path+filename; + + #Load the shellcode. + h=IntelHex(filename); + for i in h._buf.keys(): + self.CCpokedatabyte(i,h[i]); #Execute it. self.CCdebuginstr([0x02, 0xf0, 0x00]); #ljmp 0xF000 
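Review bot: The new `lastshellcode` cache in `shellcodefile` is keyed only on the file name, so after the first load every later call skips the `CCpokedatabyte` loop and goes straight to `ljmp 0xF000`, even if the target was reset, power-cycled or replaced in between. In that case the CPU runs whatever is in RAM at 0xF000. Nothing visible in this hunk invalidates the cache; setting `self.lastshellcode="none";` wherever the debug session is (re)started would close the gap, but that code is outside this hunk, so confirm where it belongs. Separately, the docstring of `RF_getchannel` says Hz while the body returns the raw FREQ2/FREQ1/FREQ0 word; `"""Get the raw 24-bit FREQ register word, not Hz."""` would match the code.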
@@ -211,9 +226,224 @@ class GoodFETCC(GoodFET): RFST=0xDFE1 self.pokebyte(RFST,state); #Return to idle state. return; + def config_dash7(self,band="lf"): + #These settings came from the OpenTag project's GIT repo on 18 Dec, 2010. + #Waiting for official confirmation of the accuracy. + + self.pokebysym("FSCTRL1" , 0x08) # Frequency synthesizer control. + self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control. + + #Don't change these while the radio is active. + self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration. + self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration. + self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration. + self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration. + + if band=="ismeu" or band=="eu": + print "There is no official eu band for dash7." + self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte. + self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte. + self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte. + elif band=="ismus" or band=="us": + print "There is no official us band for dash7." + self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte. + self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte. + self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte. + elif band=="ismlf" or band=="lf": + # 433.9198 MHz, same as Simpliciti. + self.pokebysym("FREQ2" , 0x10) # Frequency control word, high byte. + self.pokebysym("FREQ1" , 0xB0) # Frequency control word, middle byte. + self.pokebysym("FREQ0" , 0x71) # Frequency control word, low byte. + elif band=="none": + pass; + else: + #Got a frequency, not a band. + self.RF_setfreq(eval(band)); + self.pokebysym("MDMCFG4" , 0x8B) # 62.5 kbps w/ 200 kHz filter + self.pokebysym("MDMCFG3" , 0x3B) + self.pokebysym("MDMCFG2" , 0x11) + self.pokebysym("MDMCFG1" , 0x02) + self.pokebysym("MDMCFG0" , 0x53) + self.pokebysym("CHANNR" , 0x00) # Channel zero. 
+ self.pokebysym("DEVIATN" , 0x50) # 50 kHz deviation
+
+ self.pokebysym("FREND1" , 0xB6) # Front end RX configuration.
+ self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
+ self.pokebysym("MCSM2" , 0x1E)
+ self.pokebysym("MCSM1" , 0x3F)
+ self.pokebysym("MCSM0" , 0x30)
+ self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration.
+ self.pokebysym("BSCFG" , 0x1E) # 6.25% data error rate
+
+ self.pokebysym("AGCCTRL2" , 0xC7) # AGC control.
+ self.pokebysym("AGCCTRL1" , 0x00) # AGC control.
+ self.pokebysym("AGCCTRL0" , 0xB2) # AGC control.
+
+ self.pokebysym("TEST2" , 0x81) # Various test settings.
+ self.pokebysym("TEST1" , 0x35) # Various test settings.
+ self.pokebysym("TEST0" , 0x09) # Various test settings.
+ self.pokebysym("PA_TABLE0", 0xc0) # Max output power.
+ self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi
+ #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi
+ self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
+ #self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length
+ self.pokebysym("ADDR" , 0x01) # Device address.
+ self.pokebysym("PKTLEN" , 0xFF) # Packet length.
+
+ #Sync word hack
+ self.pokebysym("SYNC1",0x83);
+ self.pokebysym("SYNC0",0xFE);
+ return;
+ def config_iclicker(self,band="lf"):
+ #Mike Ossmann figured most of this out, with help from neighbors.
+
+ self.pokebysym("FSCTRL1" , 0x06) # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xE9)
+ self.pokebysym("FSCAL2" , 0x2A)
+ self.pokebysym("FSCAL1" , 0x00)
+ self.pokebysym("FSCAL0" , 0x1F)
+
+ if band=="ismeu" or band=="eu":
+ print "The EU band is unknown.";
+ elif band=="ismus" or band=="us":
+ #905.5MHz
+ self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xD3) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0xAC) # Frequency control word, low byte.
+ elif band=="ismlf" or band=="lf":
+ print "There is no LF version of the iclicker."
+ elif band=="none":
+ pass;
+ else:
+ #Got a frequency, not a band.
+ self.RF_setfreq(eval(band));
+ # 812.5kHz bandwidth, 152.34 kbaud
+ self.pokebysym("MDMCFG4" , 0x1C)
+ self.pokebysym("MDMCFG3" , 0x80)
+ # no FEC, 2 byte preamble, 250kHz chan spacing
+
+ #15/16 sync
+ #self.pokebysym("MDMCFG2" , 0x01)
+ #16/16 sync
+ self.pokebysym("MDMCFG2" , 0x02)
+
+ self.pokebysym("MDMCFG1" , 0x03)
+ self.pokebysym("MDMCFG0" , 0x3b)
+
+ self.pokebysym("CHANNR" , 0x2e) # Channel zero.
+
+ #self.pokebysym("DEVIATN" , 0x71) # 118.5
+ self.pokebysym("DEVIATN" , 0x72) # 253.9 kHz deviation
+
+ self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
+ self.pokebysym("FREND0" , 0x10) # Front end RX configuration.
+ self.pokebysym("MCSM2" , 0x07)
+ self.pokebysym("MCSM1" , 0x30) #Auto freq. cal.
+ self.pokebysym("MCSM0" , 0x14)
+
+ self.pokebysym("TEST2" , 0x88) #
+ self.pokebysym("TEST1" , 0x31) #
+ self.pokebysym("TEST0" , 0x09) # High VCO (Upper band.)
+ self.pokebysym("PA_TABLE0", 0xC0) # Max output power.
+ self.pokebysym("PKTCTRL1" , 0x45) # Preamble qualidy 2*4=6, adr check, status
+ self.pokebysym("PKTCTRL0" , 0x00) # No whitening, CR, fixed len.
+
+ self.pokebysym("PKTLEN" , 0x09) # Packet length.
+
+ self.pokebysym("SYNC1",0xB0);
+ self.pokebysym("SYNC0",0xB0);
+ self.pokebysym("ADDR", 0xB0);
+ return;
+ def config_ook(self,band="none"):
+ self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control.
+ self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control.
+
+ #Don't change these while the radio is active.
+ self.pokebysym("FSCAL3" , 0xEA) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL2" , 0x2A) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL1" , 0x00) # Frequency synthesizer calibration.
+ self.pokebysym("FSCAL0" , 0x1F) # Frequency synthesizer calibration.
+
+ if band=="ismeu" or band=="eu":
+ self.pokebysym("FREQ2" , 0x21) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0x71) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x7a) # Frequency control word, low byte.
+ elif band=="ismus" or band=="us":
+ self.pokebysym("FREQ2" , 0x22) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0xB1) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x3B) # Frequency control word, low byte.
+ elif band=="ismlf" or band=="lf":
+ self.pokebysym("FREQ2" , 0x0C) # Frequency control word, high byte.
+ self.pokebysym("FREQ1" , 0x1D) # Frequency control word, middle byte.
+ self.pokebysym("FREQ0" , 0x89) # Frequency control word, low byte.
+ elif band=="none":
+ pass;
+ else:
+ #Got a frequency, not a band.
+ self.RF_setfreq(eval(band));
+
+ #data rate
+ #~1
+ #self.pokebysym("MDMCFG4" , 0x85)
+ #self.pokebysym("MDMCFG3" , 0x83)
+ #0.5
+ #self.pokebysym("MDMCFG4" , 0xf4)
+ #self.pokebysym("MDMCFG3" , 0x43)
+ #2.4
+ #self.pokebysym("MDMCFG4" , 0xf6)
+ #self.pokebysym("MDMCFG3" , 0x83)
+
+ #4.8 kbaud
+ #print "Warning: Default to 4.8kbaud.";
+ #self.pokebysym("MDMCFG4" , 0xf7)
+ #self.pokebysym("MDMCFG3" , 0x83)
+ #9.6 kbaud
+ #print "Warning: Default to 9.6kbaud.";
+ #
+
+ self.pokebysym("MDMCFG4" , 0xf8)
+ self.pokebysym("MDMCFG3" , 0x83)
+ self.pokebysym("MDMCFG2" , 0x34) # OOK, carrier-sense, no-manchester
+
+ #Kind aright for keeloq
+ print "Warning: Guessing baud rate.";
+ #self.pokebysym("MDMCFG4" , 0xf6)
+ #self.pokebysym("MDMCFG3" , 0x93)
+ #self.pokebysym("MDMCFG2" , 0x3C) # OOK, carrier-sense, manchester
+
+ self.pokebysym("MDMCFG1" , 0x00) # Modem configuration.
+ self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
+ self.pokebysym("CHANNR" , 0x00) # Channel number.
+
+ self.pokebysym("FREND1" , 0x56) # Front end RX configuration.
+ self.pokebysym("FREND0" , 0x11) # Front end RX configuration. + self.pokebysym("MCSM0" , 0x18) # Main Radio Control State Machine configuration. + #self.pokebysym("FOCCFG" , 0x1D) # Frequency Offset Compensation Configuration. + #self.pokebysym("BSCFG" , 0x1C) # Bit synchronization Configuration. + + #self.pokebysym("AGCCTRL2" , 0xC7) # AGC control. + #self.pokebysym("AGCCTRL1" , 0x00) # AGC control. + #self.pokebysym("AGCCTRL0" , 0xB2) # AGC control. + + self.pokebysym("TEST2" , 0x81) # Various test settings. + self.pokebysym("TEST1" , 0x35) # Various test settings. + self.pokebysym("TEST0" , 0x0B) # Various test settings. + self.pokebysym("PA_TABLE0", 0xc2) # Max output power. + self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi + #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi + #self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum. + self.pokebysym("PKTCTRL0" , 0x00) # Packet automation control, w/o checksum, fixed length + self.pokebysym("ADDR" , 0x01) # Device address. + self.pokebysym("PKTLEN" , 0xFF) # Packet length. + + self.pokebysym("SYNC1",0xD3); + self.pokebysym("SYNC0",0x91); def config_simpliciti(self,band="none"): - self.pokebysym("FSCTRL1" , 0x08) # Frequency synthesizer control. + self.pokebysym("FSCTRL1" , 0x0C) #08 # Frequency synthesizer control. self.pokebysym("FSCTRL0" , 0x00) # Frequency synthesizer control. #Don't change these while the radio is active. 
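Review bot: The `else:` branch of `config_dash7` passes `band` through `eval()` before handing it to `RF_setfreq`, and the same line is repeated in `config_iclicker` and `config_ook`, so any string that is not one of the known band names is executed as Python. The callers are not visible in this diff, but if `band` can come from a command-line argument or another external source, a value that should only ever be a number becomes code execution in the client. Parse it as a number instead, `self.RF_setfreq(float(band));`, and let the resulting `ValueError` reject anything else.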
@@ -263,7 +493,7 @@ class GoodFETCC(GoodFET): self.pokebysym("TEST2" , 0x81) # Various test settings. self.pokebysym("TEST1" , 0x35) # Various test settings. self.pokebysym("TEST0" , 0x09) # Various test settings. - self.pokebysym("PA_TABLE0", 0xC0) # PA output power setting. + self.pokebysym("PA_TABLE0", 0xc0) # Max output power. self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control, w/ lqi #self.pokebysym("PKTCTRL1" , 0x00) # Packet automation control. w/o lqi self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum. @@ -340,7 +570,7 @@ class GoodFETCC(GoodFET): """Get a packet from the radio. Returns None if none is waiting.""" self.shellcodefile("rxpacket.ihx"); len=self.peek8(0xFE00,"xdata"); - return self.peekblock(0xFE00,len+1,"data"); + return self.peekblock(0xFE00,len+3,"data"); def RF_txpacket(self,packet): """Transmit a packet. Untested.""" @@ -353,7 +583,7 @@ class GoodFETCC(GoodFET): self.pokeblock(0xFE00,packet,"data"); self.shellcodefile("txrxpacket.ihx"); len=self.peek8(0xFE00,"xdata"); - return self.peekblock(0xFE00,len+1,"data"); + return self.peekblock(0xFE00,len+3,"data"); def RF_getrssi(self): """Returns the received signal strenght, with a weird offset.""" @@ -363,7 +593,7 @@ class GoodFETCC(GoodFET): except: if self.verbose>0: print "RSSI reg doesn't exist."; try: - #RSSI doesn't exist on 2.4GHz devices. Maybe RSSIL and RSSIH? + #RSSI doesn't exist on some 2.4GHz devices. Maybe RSSIL and RSSIH? rssilreg=self.symbols.get("RSSIL"); rssil=self.CCpeekdatabyte(rssilreg); rssihreg=self.symbols.get("RSSIL"); @@ -474,8 +704,10 @@ class GoodFETCC(GoodFET): 0x8900:"cc2431", 0x8100:"cc2510", 0x9100:"cc2511", - 0xA500:"cc2530", #page 52 of SWRU191 + 0xA500:"cc2530", #page 57 of SWRU191B 0xB500:"cc2531", + 0x9500:"CC2533", + 0x8D00:"CC2540", 0xFF00:"CCmissing"}; CCpagesizes={0x01: 1024, #"CC1110", 0x11: 1024, #"CC1111", 
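Review bot: The change from `len+1` to `len+3` in the receive routine (docstring "Get a packet from the radio"), and the identical line in the -353 hunk that follows, reads two more bytes without saying what they are, and `len` comes straight from target RAM at 0xFE00. Presumably the extra bytes are the status bytes appended under the `PKTCTRL1` "w/ lqi" setting. The fixed-length configurations added elsewhere in this commit (`PKTCTRL0` set to 0x00) may not put a length byte at 0xFE00 at all, so confirm what `len` holds there. A comment such as `#length byte + payload + 2 appended status bytes` on both lines would make the arithmetic checkable, and renaming `len` would stop it shadowing the builtin. Both functions start outside their hunks.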
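Review bot: Directly under the reworded comment in the RSSI fallback, `rssihreg=self.symbols.get("RSSIL");` looks up RSSIL a second time, so the high byte would be read from the low register. This looks like a copy-paste slip that the commit leaves in place while editing the comment above it; `rssihreg=self.symbols.get("RSSIH");` is presumably what was meant. The rest of the fallback lies outside the hunk, so check how `rssihreg` is used before changing it.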
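Review bot: The two new identifiers are added as `"CC2533"` and `"CC2540"`, while every other chip name in this table is lower-case (`"cc2530"`, `"cc2531"`). `SRF_chipdom` builds its XML path from a chip name (`"%s/config/xml/%s/%s"`), so if the ident string is ever used as that name the lookup would miss on a case-sensitive filesystem; the call site is not in this diff, so that part needs confirming. `0x9500:"cc2533",` and `0x8D00:"cc2540",` would keep the table consistent either way.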
@@ -483,8 +715,10 @@ class GoodFETCC(GoodFET): 0x89: 2048, #"CC2431", 0x81: 1024, #"CC2510", 0x91: 1024, #"CC2511", - 0xA5: 2048, #"CC2530", #page 52 of SWRU191 + 0xA5: 2048, #"CC2530", #page 57 of SWRU191B 0xB5: 2048, #"CC2531", + 0x95: 2048, #"CC2533", + 0x8D: 2048, #"CC2540", 0xFF: 0 } #"CCmissing"}; def infostring(self): return self.CCidentstr(); @@ -621,7 +855,12 @@ class GoodFETCC(GoodFET): """Start debugging.""" self.setup(); self.writecmd(self.APP,0x20,0,self.data); - ident=self.CCidentstr(); + ident=self.CCident(); + if ident==0xFFFF or ident==0x0000: + self.writecmd(self.APP,0x20,0,self.data); + ident=self.CCident(); + + #print "Target identifies as %s." % ident; #print "Status: %s." % self.status(); self.CCreleasecpu();
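Review bot: The retry added to the debug-start routine re-sends command 0x20 once when `CCident()` returns 0xFFFF or 0x0000, but the second result is never checked, so a target that still fails to identify falls through to `CCreleasecpu()` without any indication. After the retry, a check such as `if ident==0xFFFF or ident==0x0000: print "Warning: target did not identify after retry.";` would surface the failure. A one-line comment on why those two values are treated as a failed identification would also help the next reader. The function begins and ends outside this hunk.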